<x-flowed>At 01:27 PM 02/03/2001 -0800, Mike Noyes wrote:

>At 12:36 PM 2/3/01 -0800, msensney@mail wrote:
>>Instead, why not test our "standard" distributions against the list of 
>>well-known Internet scanning services? For example: the WebSaint scanning 
>>service. Cost for a complete scan of a single workstation/server 
>>unlimited usage is $50 for 3 months or $100 for 1 year. Then post links 
>>to the scan results and to the scanning services that performed the 
>>tests. You could also test the distributions with various LRP packages 
>>loaded.
>
>Mike,
>Is this what you had in mind?

Close. My idea is that somebody not connected with LEAF/LRP do the security
checking. A security audit as performed by WebSaint (among others) would
give us a "standard" audit we can brag about and that ordinary people can
verify: Go to WebSaint, pay $50 for 3 month unlimited, ask for complete scan
to be performed. We should even suggest that they can go to
https://grc.com/x/ne.dll?bh0bkyd2 and do the free "Shields Up!" quick
security survey of their current setup, which in most cases will be a naked
Win box on the Internet.

It would also be a good idea to explain the shortcomings of LRP. LRP is a
network protecting tool. You still need virus scanners and such to protect
individual computers from other sources of nastiness. See
http://grc.com/lt/scoreboard.htm for some interesting info on "personal"
firewalls.

>https://sourceforge.net/pm/?group_id=13751
>Security
>Task ID:  25528
>Summary:  Test releases with NMAP and Nessus

(Add Saint to this list.)

I would say that scans by NMAP, Nessus and Saint are also a good idea. This
would give our products another layer of security checking. But if I have to
choose between internal vs external audits, I would still choose external.
(If our in-house tester makes a mistake it reflects badly on us. If WebSaint
makes a mistake...well, it's not our fault.)

BTW, we can always create our own professional association with its own
firewall certification criteria. How about the YAFCA? (Yet Another Firewall
Certifying Association)
</x-flowed>
